Ofbiz@* Security Vulnerabilities and Issues — Ofbiz@* CVE List

Lucene search

ApacheOfbiz*

5 matches found

CVE•added 2023/12/26 3:15 p.m.•239 views

CVE-2023-51467

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code

9.8CVSS9.9AI score0.93996EPSS

CVE•added 2023/12/05 8:15 a.m.•169 views

CVE-2023-49070

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present.This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10

9.8CVSS9.5AI score0.93892EPSS

CVE•added 2023/04/14 4:15 p.m.•84 views

CVE-2022-47501

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack.This issue affects Apache OFBiz: before 18.12.07.

7.5CVSS7.5AI score0.8349EPSS

CVE•added 2023/12/26 12:15 p.m.•74 views

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this...

7.5CVSS7.5AI score0.81592EPSS

CVE•added 2023/11/07 11:15 a.m.•48 views

CVE-2023-46819

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09

5.3CVSS5.3AI score0.00304EPSS